Retail IT teams are under tremendous pressure to drive digital transformation within brick-and-mortar locations, and to place the store at the centre of their customer experience in order to compete with online merchants and marketplaces. To achieve this, they are leveraging next-generation technologies to enable personalised, immersive experiences within the stores, but they are consistently challenged by the lack of on-site technical staff at branch locations.
“IT staff responsible for connecting, securing and managing retail locations must rethink the way they architect their branch networks. A unified edge-to-cloud architecture that automates and secures LAN, WAN and cloud connectivity is paramount to driving operational efficiency and addressing the lack of IT staff,” says Warren Gordon, Business Unit Manager at Duxbury Networking, Aruba distributors.
While retailers are embracing digital technologies such as mobility and IOT to enhance the shopping experience, they are also facing new security threats and an increased attack surface. Traditional security techniques were not designed to handle these new and evolving threats, so as a result, many IT teams are adopting a Zero Trust Security framework, an architecture that dictates that no one within or outside the network is trusted.
Key elements of a Zero Trust Security framework include a policy engine/trust broker, the ability to dynamically segment traffic based on identity and role, and continuous monitoring for changes in security status with the corresponding real-time adjustment of access policies. In addition, IT teams gain enhanced security by employing a Secure Access Service Edge (SASE) approach, which combines network security functions with WAN capabilities to support the dynamic secure access needs of organisations.
Aruba has long supported the principles of a Zero Trust Security framework with its market-leading, role-based access technology and Dynamic Segmentation, which provides unified, software-defined micro-segmentation across the network, in branch and campus environments, in order to isolate users, devices and applications from one another based on role, rather than the type or location of the network connection.
Aruba’s unified branch defence capabilities deliver a complete solution for security and connectivity at retail locations, defending against a myriad threats, including phishing, denial of service (DOS) and increasingly widespread ransomware attacks.
“Aruba is advancing its unified branch defence capabilities with new IDS/IPS functionality that integrates with Aruba’s ClearPass Policy Manager and Policy Enforcement Firewall. By leveraging role-based access, Aruba adds a new identity-based detection dimension to traditional intrusion detection and prevention, enabling security teams to focus on alerts that matter,” says Gordon.
Aruba’s unified branch defence also includes:
- One-click integration with cloud-based security solutions;
- Threat visibility and trend analysis;
- Correlation of security events with sites, clients, applications and network infrastructure;
- Out-of-box policies for enforcement and incident response;
- Security event streaming to third-party Security Information and Event Management (SIEM) solutions; and
- ClearPass Policy Manager for global access policy development and propagation.
Enhanced network security
Aruba’s SD-Branch solution enables more secure, streamlined and simplified deployment and management of large distributed retail networks, and is a critical component of the company’s edge-to-cloud strategy. Aruba’s central cloud management platform provides a single point of control and management for SD-WAN, wired and wireless networking. Aruba’s SD-Branch solution integrates Aruba Branch Gateways with the Aruba Central cloud management platform, thereby enabling secure, simplified branch connectivity at scale.
The Aruba SD-Branch innovations include:
- An expansion of Aruba’s unified branch defence capabilities to provide unique, identity-based attack detection and intrusion prevention, to deliver zero-trust in-store network security;
- New enhancements to the SD-WAN Orchestrator in Aruba Central to deliver unified edge-to-cloud management and secure connectivity to cloud workloads; and
- New branch gateways that provide non-stop connectivity via built-in cellular, including LTE.
As adoption of software-as-a-service (SaaS) applications and virtual private clouds (VPCs) continue to rise, so has the complexity of maintaining security and control over the data, traffic and users accessing the cloud. Aruba is extending its Zero Trust Security model to the cloud with the enhanced SD-WAN Orchestrator in Aruba Central, making it easier for branch network operators to deploy flexible and secure overlay topologies in a large-scale edge infrastructure, securely connecting thousands of remote locations to applications in data centres and the cloud.
Aruba Virtual Gateways, available for AWS and Azure, combined with orchestration, cost-effectively extend network and security policies to workloads running in the public cloud, while the new SaaS Express prioritisation feature continuously probes hosting locations for SaaS applications to ensure application performance.
Seamless shopping experience
To help ensure a seamless shopping experience, retailers need a highly reliable network infrastructure as the foundation for digital transformation. Built-in cellular access in the Aruba 9004 Series Gateways gives customers the option to use the connection as a primary or secondary uplink or in a load shared active-active mode with other broadband links. Further, for cost control purposes, retailers can selectively use the cellular uplink for certain applications in any of these modes.
Embedded cellular provides retailers with reliable, high-performance backup connectivity with seamless failover that can be centrally managed. IT staff are able to tune and optimise connectivity by defining SLA policies across a combination of MPLS, Internet and cellular links enforced with dynamic path steering in real-time, with the ability to select the preferred cellular link. The cellular link can also be used for remote locations or to accelerate the deployment of a new store until the dedicated MPLS or Internet links are installed.
“Aruba pioneered the SD-Branch solution, creating a new category beyond pure-play SD-WAN offerings that gives retail IT the ability to face the higher-level challenges of remote branch connectivity, such as reducing device footprint, unified management across WAN and LAN, and security,” says Gordon.
“Today’s advancements extend Aruba’s SD-Branch solution to further support retail network operators with new, integrated in-store security capabilities, public cloud workload orchestration, and resiliency that retailers need for non-stop operations.”